You can easily add the machines you want monitored by ControlUp to your organization.
Note: We recommend that you secure communication between the agents deployed onto these machines and the ControlUp Console and ControlUp Monitors. For details on these security recommendations, ControlUp Agent Security Best Practices.
Click Add Machines in the Home ribbon. You can also right-click anywhere in your organization folder and select Add > Machines.
The Add Machines window prompts you to select your managed machines, using one of the following methods:
By selecting machine accounts from your Active Directory (default)
Choose a domain containing the machines to be added using the Domain selector button.
Choose a root OU for the Active Directory search using the Search Root selector. This is useful in large environments, in which the size of the directory may slow down the discovery process.
Search for and select computer accounts from Active Directory. Typing text in the Search Filter box performs inline filtering of the result table, which allows for faster location of machine accounts. The text you type in the Search Filter box can be any part of the machine name and does not require the use of wildcard characters.
By default, ControlUp attempts to contact your machines by using the DNS suffix configured in the Active Directory dNSHostName attribute of the account. In case the DNS configuration in your network specifies a DNS suffix which is different from the domain name, use the “Alternate suffix” text box to input the name suffix used in your network.
After locating the machines you would like to add to ControlUp, select them and click Add. The right pane will show all machines currently selected for addition.
By entering IP addresses or scanning your internal IP range
You may provide a list of IP addresses in the IP Addresses field. Multiple addresses should be separated by a semicolon (;). A contiguous IP address range may be scanned by using the IP Range option. Provide the start and end addresses for the IP range and click Scan to discover machines in that range.
By providing a text file that includes a list of machines to be added
ControlUp supports adding managed machines from a text file that includes a list of machines separated by line breaks, commas, semicolons or spaces. Use the “File Path” field to select a file, choose the file encoding if needed and click Load.
Note: When adding machines using a text file or by IP address, expand the Connection Settings optional pane to select the user account for discovery of the selected machines and to configure connection timeouts:
The credentials you provide here will be used for the Active Directory query only. To configure the credentials used for the agent deployment, edit your Active Directory connection on the Settings Window.
When you have selected your target managed machines and clicked Next, all selected computers are contacted and the following tests are performed:
- Ping test (unless disabled).
- .Net Framework installation test (unless disabled).
- Security test – the Windows user account you are using to connect to every managed computer is tested for local administrative rights on that computer.
- Existing ControlUp agent installation – if a ControlUp agent is already present on the machine, this agent will be used unless its version is outdated, in which case you may perform a seamless upgrade of the agent.
- You may rerun the agent installation process for any selected machine if an issue preventing agent installation has been resolved. You can also rerun the process for all failed machines using the “Rerun Failed” button.
At the end of this process, ControlUp agents start reporting performance data, and the ControlUp console will be ready to perform a variety of management tasks on your selected machines.
Deploying ControlUp agents from the hypervisor
After hypervisor connections have been made (see Connect to the Virtualization Infrastructure), you see all of the VMs that are managed by the hypervisors. If they already have the ControlUp agent installed, they look like all other managed machines. If they do not have the ControlUp agent installed and the status is “Install Agent”, you can easily deploy the agent to them by either clicking on the link in the status Install Agent or right-clicking the machine in the Information Grid. To deploy to multiple VMs at the same time, shift-click or control-click to choose your targets and then right-click on one of those selected machines.
The same Add Machines window opens as described above, with a few changes specific to adding machines from a hypervisor.
The Selected Folder field enables you to choose which folder to place the machines once an agent is installed.
The credentials at the top of the window is for the same purpose as described above. If you change the credentials you choose to use, you can click Scan to rescan the chosen VMs with the new credentials. If the credentials are valid and have sufficient permissions for installing the agent, the Description column will say Done and the VMs put into the target list. If there are any problems, the Description column will give as much detail as it can to help solve the problem.
The Add Machine process then continues as described above.
Deploying the agent from the hypervisor works only in the information grid and not from the organizational tree.
Any VM with a status of “Unmanaged” does not have any IP address information offered by the hypervisor, and therefore this method is not available for those VMs. If you want to deploy the agents to VMs in the unmanaged state, you will have to use a different method, as this method relies on knowing the IP address from the hypervisor.
In this version, ControlUp does not filter the ability to install the agent by guest OS, since not all hypervisors always tell what the guest OS is.
Deploying ControlUp agents behind firewalls
By default, ControlUp uses RPC for agent deployment. In some environments, RPC access to the managed computers may be blocked by firewalls or other security measures. To deploy ControlUp agents to these computers, in the ControlUp website, you can download a Windows Installer package. You can then use your deployment mechanism of choice to install the ControlUp agent on the managed machines. After completing the deployment, you are able to add these machines to ControlUp using the Add Computers window, provided that the agent communication TCP port (40705 by default) is not blocked by your security hardware and software.
Note: ControlUp agents installed using this method cannot be uninstalled remotely using ControlUp console. You should uninstall these packages manually or using your software deployment system of choice.
Note: The following functionality may be limited when accessing ControlUp agents behind firewalls: Remote Event Viewer, File System Controller (Get file properties, Gather and Send Files Here). These features rely on RPC communications and may not work if firewalls or other security measures on your network prevent this type of connection.
Secure communications between ControlUp Console/Monitor and ControlUp Agent
To secure the communication between the installed agent and the ControlUp environment, we recommend you do the following.
- On any computer running the ControlUp agent, enable a Firewall inbound rule that allows access to port 40705 only to authorized computers.
- Add these computers which ideally should use static IP addresses:
- Computers running the ControlUp Monitor service
- Computers running the ControlUp Console
If you don't own a firewall for your network, we recommend using the built-in Windows firewall alongside a Group Policy to apply the firewall rule to all machines running the ControlUp Agent.
Note: This recommendation reduces the risk of a potential attacker manipulating a ControlUp Agent using malicious code in case that potential attacker has penetrated the organization network.
Installing .Net Framework for managed machines
.Net Framework 3.5 or 4.5 is a mandatory prerequisite for computers that you would like to manage using ControlUp. After completing the Add Machines action, the computer/s appears in the organization as “Installation Failed” with an explanation that the required .Net Framework was not found.
For machines running Windows Vista or later and Windows Server 2008 R2 or later, .Net Framework feature installation can be performed remotely. To do so, select the machines, and from the Actions menu, select Agent Control, and click Deploy .Net Framework. ControlUp agent installation for these machines resumes as soon as the .Net Framework installation is complete.
The .Net Framework needs to be installed manually or deployed using your software deployment mechanism of choice for machines running Windows XP or Windows Server 2003.